EDB-48336 [VERIFIED]: DotNetNuke - Cookie Deserialization Remote Code Execution (Metasploit) | Zerodai

KI-AnalyseKI-gestützt

Exploit-Code

Exploit code not available in database

CVE-2018-18326

DNN (aka DotNetNuke) 9.2 through 9.2.2 incorrectly converts encryption key source values, resulting in lower than expected entropy. NOTE: this issue exists because of an incomplete fix for CVE-2018-15

DNN (aka DotNetNuke) 9.2 through 9.2.2 incorrectly converts encryption key source values, resulting in lower than expected entropy. NOTE: this issue exists because of an incomplete fix for CVE-2018-15...

7/3/2019CWE-331

CVE-2018-18325

7.5HIGH

DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an incomplete fix for CVE-2018-15811.

7/3/2019CWE-326, CWE-326

CVE-2018-15812

7.5HIGH

DNN (aka DotNetNuke) 9.2 through 9.2.1 incorrectly converts encryption key source values, resulting in lower than expected entropy.

7/3/2019CWE-331

CVE-2018-15811

7.5HIGH

DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters.

7/3/2019CWE-326, CWE-326

CVE-2017-9822

8.8HIGH

DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a cookie, aka "2017-08 (Critical) Possible remote code execution on DNN sites."

7/20/2017CWE-94, CWE-94

KI-AnalyseKI-gestützt

Exploit-Code

Verwandte CVEs (5)

CVE-2018-18326

DNN (aka DotNetNuke) 9.2 through 9.2.2 incorrectly converts encryption key source values, resulting in lower than expected entropy. NOTE: this issue exists because of an incomplete fix for CVE-2018-15

CVE-2018-18325

DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an incomplete fix for CVE-2018-15811.

CVE-2018-15812

DNN (aka DotNetNuke) 9.2 through 9.2.1 incorrectly converts encryption key source values, resulting in lower than expected entropy.

CVE-2018-15811

DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters.

CVE-2017-9822

DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a cookie, aka "2017-08 (Critical) Possible remote code execution on DNN sites."